Index: typo3/sysext/cms/tslib/content/class.tslib_content_form.php
===================================================================
--- typo3/sysext/cms/tslib/content/class.tslib_content_form.php (Revision 9766)
+++ typo3/sysext/cms/tslib/content/class.tslib_content_form.php (Arbeitskopie)
@@ -175,7 +175,7 @@
 }
 if ($dataValue && strcspn($dataValue, '#/')) {
 // label:
- $confData['label'] = trim($parts[0]);
+ $confData['label'] = t3lib_div::removeXSS(trim($parts[0]));
 // field:
 $fParts = explode(',', $parts[1]);
 $fParts[0] = trim($fParts[0]);
@@ -203,6 +203,7 @@
 } else {
 $confData['fieldname'] = str_replace(' ', '_', trim($typeParts[0]));
 }
+ $confData['fieldname'] = htmlspecialchars($confData['fieldname']);
 $fieldCode = '';
 $wrapFieldName = isset($conf['wrapFieldName'])
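Review bot: The added `t3lib_div::removeXSS(trim($parts[0]))` on the label line filters the value at parse time instead of encoding it for the HTML context where it is later printed, and the hunk gives no reason for using a filter here while the field name in the later hunk gets `htmlspecialchars()`. If labels are meant to carry markup, record that next to the call, for example `// label may contain HTML markup, so it is filtered with removeXSS rather than encoded`. If they are plain text, `$confData['label'] = htmlspecialchars(trim($parts[0]));` is the stricter choice. Either way, the places that print the label lie outside this hunk and should be checked for attribute-context use, since a markup filter presumably leaves quote characters unencoded. The enclosing function starts and ends outside the hunk.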